Debian Bug report logs -
#751894
xen: CVE-2014-4021 / XSA-100
Reported by: Henri Salo <henri@nerv.fi>
Date: Tue, 17 Jun 2014 16:30:02 UTC
Severity: important
Tags: fixed-upstream, security
Merged with 757724
Fixed in version xen/4.4.1-1
Done: Bastian Blank <waldi@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>:
Bug#751894; Package xen.
(Tue, 17 Jun 2014 16:30:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>.
(Tue, 17 Jun 2014 16:30:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: xen
Version: 4.0.1-5.11
Severity: important
Tags: security, fixed-upstream
Please see for details: http://www.openwall.com/lists/oss-security/2014/06/17/6
Patch: http://seclists.org/oss-sec/2014/q2/att-549/xsa100.patch
---
Henri Salo
[signature.asc (application/pgp-signature, inline)]
Marked as found in versions 4.3.0-3.
Request was from Henri Salo <henri@nerv.fi>
to control@bugs.debian.org.
(Tue, 17 Jun 2014 16:36:10 GMT) (full text, mbox, link).
No longer marked as found in versions 4.0.1-5.11.
Request was from Henri Salo <henri@nerv.fi>
to control@bugs.debian.org.
(Tue, 17 Jun 2014 16:36:14 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>:
Bug#751894; Package xen.
(Tue, 17 Jun 2014 16:45:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Henri Salo <henri@nerv.fi>:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>.
(Tue, 17 Jun 2014 16:45:04 GMT) (full text, mbox, link).
Message #14 received at 751894@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Sorry I made copypaste mistake with version numbers. I haven't checked other
versions than sid. I can check others if needed.
[signature.asc (application/pgp-signature, inline)]
Bug reassigned from package 'xen' to 'src:xen'.
Request was from Ian Campbell <ijc@hellion.org.uk>
to control@bugs.debian.org.
(Fri, 29 Aug 2014 18:21:20 GMT) (full text, mbox, link).
No longer marked as found in versions 4.3.0-3.
Request was from Ian Campbell <ijc@hellion.org.uk>
to control@bugs.debian.org.
(Fri, 29 Aug 2014 18:21:21 GMT) (full text, mbox, link).
Merged 751894 757724
Request was from Ian Campbell <ijc@hellion.org.uk>
to control@bugs.debian.org.
(Fri, 29 Aug 2014 18:21:24 GMT) (full text, mbox, link).
Message #21 received at 757724-close@bugs.debian.org (full text, mbox, reply):
Source: xen
Source-Version: 4.4.1-1
We believe that the bug you reported is fixed in the latest version of
xen, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 757724@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Blank <waldi@debian.org> (supplier of updated xen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 21 Sep 2014 10:45:47 +0200
Source: xen
Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf
Architecture: source all
Version: 4.4.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
Changed-By: Bastian Blank <waldi@debian.org>
Description:
libxen-4.4 - Public libs for Xen
libxen-dev - Public headers and libs for Xen
libxenstore3.0 - Xenstore communications library for Xen
xen-hypervisor-4.4-amd64 - Xen Hypervisor on AMD64
xen-hypervisor-4.4-arm64 - Xen Hypervisor on ARM64
xen-hypervisor-4.4-armhf - Xen Hypervisor on ARMHF
xen-system-amd64 - Xen System on AMD64 (meta-package)
xen-system-arm64 - Xen System on ARM64 (meta-package)
xen-system-armhf - Xen System on ARMHF (meta-package)
xen-utils-4.4 - XEN administrative tools
xen-utils-common - Xen administrative tools - common files
xenstore-utils - Xenstore command line utilities for Xen
Closes: 757724
Changes:
xen (4.4.1-1) unstable; urgency=medium
.
* New upstream release.
- Fix several vulnerabilities. (closes: #757724)
CVE-2014-2599, CVE-2014-3124,
CVE-2014-3967, CVE-2014-3968,
CVE-2014-4021
Checksums-Sha1:
fef253fe6de448249f4f2af71cc93627d4492867 2625 xen_4.4.1-1.dsc
900ed093d14caf511fa1a22f48bbf0499bb2ee11 3778516 xen_4.4.1.orig.tar.xz
52fe4b09152e0d9ef9418c5707a79c53a21401ae 47404 xen_4.4.1-1.debian.tar.xz
530c8f55ce918a897d5e379a15be4d0154324c9d 119982 xen-utils-common_4.4.1-1_all.deb
Checksums-Sha256:
d5c1b5e09cf81bd08515946bee551f0620c75d32db21559e9625c71c6ffd746b 2625 xen_4.4.1-1.dsc
c51b9f10047779d76b9f9900e2f626008d07ffe9a35f6221d703a542e599a8cb 3778516 xen_4.4.1.orig.tar.xz
eab4d0a42e5f40263b96b682bca58b993df86b74986ea3209ff711197a943549 47404 xen_4.4.1-1.debian.tar.xz
d145fe0cf0902e6dd46b29904cda2098d2ed5fb0e2bf14b3d08814bf4caa6341 119982 xen-utils-common_4.4.1-1_all.deb
Files:
00dac2f4228a52ff39a6b512338512b5 119982 kernel optional xen-utils-common_4.4.1-1_all.deb
6bc2d3281e9b225d2595785aa59de3b8 2625 kernel optional xen_4.4.1-1.dsc
eb8b9505a28561d4d0a8409f1b43fb0a 3778516 kernel optional xen_4.4.1.orig.tar.xz
4086649f238640315e9433b3e72208f4 47404 kernel optional xen_4.4.1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJUHpkSAAoJEG2TiIWKaf5R5JkH/RGkdoLeKNLW8V3zemkQg1DT
jekBzriF6vCvDpNemkKoqUXMs3Js9OOQz05sGkKzkphXaLZlNe7Ch/b1swRltnBL
Embtl+PGgXn1+sW2y1TJGf16lYqm4ytQvU72vhBusl2iNagULQoqbmFyie9t++mz
hWxnBRR3AKzcAgtFpAZJuxncUDF0+E3DwBhQ3s9u2sL6h7nesrwA0hOgGK9uQNZA
KiuuW+2s+baHT0YiFzbJJ9GARNLyzqAj56bWOn+1JOVhCz5QHA12+83ygPqV6tvl
Rrwz1nzLpELvTattouwS31ZqjiumkVP0QwdmCeFuRW5Qpd+niKSNErPVp1RdY3M=
=flr0
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 20 Nov 2014 07:28:47 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:22:15 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon